SecureAuth® RADIUS Server v20.12 documentation

Updated December 16, 2020

Use the SecureAuth® Identity Platform RADIUS Server to configure two-factor authentication login access to a VPN and remote resources via RADIUS. This optional component is typically installed on a SecureAuth Identity Platform appliance or on a stand-alone server.

See the SecureAuth compatibility guide for product and component compatibility with operating systems, Authenticate app, browsers, Java, data stores, identity types, SSO/post-authentication actions, Login for Windows, Login for Mac, and YubiKey.

Release notes

The following sections describe the release highlights and enhancements, including resolved and known issues, for the SecureAuth RADIUS server version 20.12.

Release highlights

Read on to learn more about the new features in the SecureAuth RADIUS server version 20.12.

SecureAuth RADIUS supports the link-to-accept multi-factor authentication method. Administrators can enable end users to receive a link on a registered phone or email address, and then end users can click the link to authenticate. See Multi-screen login workflows.

Added GUID to identify requests for a session

By default, SecureAuth RADIUS now adds the globally unique identifier (GUID) to the authentication API X-Request-ID header for each request made to the Identity Platform. This matches requests in SecureAuth RADIUS logs with requests in the Identity Platform log. Admins needing to search the Identity Platform log file for a specific user during the same session can do so by using the GUID. See View GUID added to the X-Request-ID header.


Version: 20.12

Release Date: December 14, 2020

Compatibility: Note the following compatibility requirements:

  • SecureAuth IdP v9.2.x or later, and the SecureAuth Identity Platform v19.07 or later

  • Biometric face and fingerprint recognition through SecureAuth Authenticate mobile app and Symbol-to-Accept are compatible with SecureAuth Identity Platform v19.07 or later only.

  • Biometric fingerprint and face (iOS only) recognition require SecureAuth Identity Platform v19.07 or later, using the 2019 theme.

  • Transactional logging requires SecureAuth Identity Platform v20.06 or later, using the /authenticated endpoint.

  • Link-to-accept requires SecureAuth Identity Platform hotfix version 19.07.01-25 or later or v20.06-2 or later.


End users can use the following special characters in user IDs: + ~ . ! @ $ % ^ & * ' _ (that is, plus sign, tilde, period, exclamation point, at sign, dollar sign, percent, caret, ampersand, asterisk, single quote, underscore)


Improvements to log levels and log messages were made to the SecureAuth RADIUS server logs.

Known issues


SecureAuth RADIUS server v20.12 sometimes has issues when importing config files that were exported from RADIUS server v20.03 or 20.06 with a shared secret configured for a RADIUS client. (No issues exist if RADIUS server v20.03 or 20.06 was configured with a general shared secret set on the RADIUS Server Settings page.)

Workaround: Set the shared secret for each v20.12 RADIUS client again.


Customers running SecureAuth IdP v9.2 with end users who use special characters in their user ID will not be able to authenticate.

Workaround: Customers running SecureAuth IdP v9.2 must disable support for special characters. See step 12 in Install the SecureAuth Identity Platform RADIUS server.